Governance Officer in Cambridge

At Valcon, we are a European powerhouse in data & AI-driven business transformation. We combine deep expertise in data and AI with our heritage in operational excellence, delivery discipline and organisational change. Trusted by leading organisations across Europe, we advise and implement. We focus on outcomes and deliver measurable business impact. Backed by private equity, Valcon has brought together leading firms to form one of Europe’s fastest-growing consultancies. In February 2026, we achieved Databricks Gold Partner status, recognising our certified capability, delivery track record and growing European footprint. In the UK, we are scaling quickly while keeping a collaborative, hands-on and pragmatic culture.

The Governance Officer supports Valcon Group to ensure the consultancy operates with strong governance, robust information security practices, and consistent ISO Quality compliance across all client engagements and internal operations. This role combines traditional governance oversight with the ability to adapt to the changing nature of consultancy.

You work closely with the Director of Operations, Group IT Manager, Partners, and consulting teams to maintain and improve the organisation’s Information Security Management System (ISMS), supporting a range of ISO compliance frameworks, IR35, supply chain management and embedding a culture of assurance and accountability.

• Governance & Compliance
  • Maintain and enhance the organisation’s governance framework, ensuring alignment with regulatory, contractual, and industry standards.
  • Oversee compliance with internal policies, client requirements, and relevant legislation (e.g., GDPR, data protection, cybersecurity regulations).
  • Conduct internal audits and governance reviews, producing clear recommendations and action plans.
  • Support project teams in meeting governance requirements without introducing unnecessary overhead.
• ISMS Management (ISO 27001)
  • Act as the primary owner and coordinator of the Information Security Management System (ISMS).
  • Maintain ISO 27001 documentation, policies, procedures, and evidence repositories.
  • Plan, execute, and document internal ISMS audits; coordinate external surveillance and recertification audits.
  • Monitor and report on ISMS performance, including KPIs, non‑conformities, corrective actions, and opportunities for improvement.
  • Ensure risk assessments are performed regularly and that risk treatment plans are implemented and tracked.
  • Lead security awareness initiatives, ensuring staff understand their responsibilities and follow secure practices.
  • Manage the incident management process, including logging, investigation, root‑cause analysis, and lessons learned.
  • Work with technical teams to ensure security controls are implemented, maintained, and continuously improved.
• Risk Management
  • Maintain the organisation‑wide risk register, ensuring risks are identified, assessed, and mitigated.
  • Facilitate risk workshops with delivery teams and leadership.
  • Provide clear reporting on risk trends, emerging threats, and required actions.
• Project & Portfolio Governance
  • Support project managers in applying governance processes, including stage gates, reporting cycles, and documentation standards.
  • Review project artefacts (RAID logs, change requests, business cases) for completeness and quality.
  • Consolidate portfolio‑level reporting for leadership, highlighting risks, dependencies, and performance indicators.
• Quality Assurance
  • Define and maintain quality standards for deliverables and client outputs as outlined in ISO9001.
  • Conduct quality reviews and provide actionable feedback to project teams.
  • Identify recurring issues and drive continuous improvement initiatives.
• Stakeholder Engagement
  • Act as a trusted advisor to internal teams and clients on governance, risk, and information security best practices.
  • Facilitate governance boards, steering committees, and security forums.
  • Communicate governance and ISMS requirements clearly and constructively.

• Essential
  • Experience in governance, risk, compliance, or PMO roles within an IT consultancy or technology‑driven organisation.
  • Hands‑on experience managing or supporting an ISO 27001 ISMS.
  • Strong understanding of information security principles, risk management, and audit processes.
  • Excellent communication, documentation, and stakeholder‑management skills.
  • Ability to influence teams and embed good governance and security practices.
  • High attention to detail and a structured, analytical approach.
• Desirable
  • IR35 SME implementation and audit experience.
  • Experience supporting cloud security, digital transformation, or managed services environments.
  • Familiarity with governance and security tools (e.g., Jira, Confluence, GRC platforms).

• The ISMS is well‑maintained, audit‑ready, and continuously improving.
• Governance processes are consistently applied and understood across the consultancy.
• Risks are proactively managed, with clear visibility and fewer escalations including IR35 related matters.
• Clients experience increased confidence in the organisation’s security posture and delivery quality.
• Teams view governance and security as enablers of high‑quality delivery.